The latest cyber crisis exercise organised by ENISA has been marked with the release of the after action report and closure video of Cyber Europe 2016. Over 1 000 participants from all 28 EU Member States, along with Switzerland and Norway, joined last year in a simulated crisis which lasted for over 6 months, culminating in a 48‑hour event on 13 and 14 October 2016.

Leveraging a newly developed exercise environment containing dozens of simulated news outlets, TV channels, search engines and social media platforms, the immersion in the exercise was unprecedented.
Source: Cybersecurity and digital privacy newsletter

Physics! Particles! Statistical modelling! Quantum theory! How can non-scientists understand any of it? Well, students from Durham University are here to help you wrap your head around it all – and to our delight, they’re using the power of the Raspberry Pi to do it!

At the Royal Society’s Summer Science Exhibition, taking place in London from 4-9 July, the students are presenting a Pi-based experiment demonstrating the importance of statistics in their field of research.

The Royal Society Summer Science Exhibition 2017 features 22 exhibits of cutting-edge, hands-on UK science, along with special events and talks. You can meet the scientists behind the research. Find out more about the exhibition at our website: https://royalsociety.org/science-events-and-lectures/2017/summer-science-exhibition/

Ramona, Matthew, and their colleagues are particle physicists keen to bring their science to those of us whose heads start to hurt as soon as we hear the word ‘subatomic’. In their work, they create computer models of subatomic particles to make predictions about real-world particles. Their models help scientists to design better experiments and to improve sensor calibrations. If this doesn’t sound straightforward to you, never fear – this group of scientists has set out to show exactly how statistical models are useful.

The Galton board model

They’ve built a Pi-powered Galton board, also called a bean machine (much less intimidating, I think). This is an upright board, shaped like an upside-down funnel, with nails hammered into it. Drop a ball in at the top, and it will randomly bounce off the nails on its way down. How the nails are spread out determines where a ball is most likely to land at the bottom of the board.

If you’re having trouble picturing this, you can try out an online Galton board. Go ahead, I’ll wait.

You’re back? All clear? Great!

Now, if you drop 100 balls down the board and collect them at the bottom, the result might look something like this:

The distribution of the balls is determined by the locations of the nails in the board. This means that, if you don’t know where the nails are, you can look at the distribution of balls to figure out where they are most likely to be located. And you’ll be able to do all this using … statistics!!!

Statistical models

Similarly, how particles behave is determined by the laws of physics – think of the particles as balls, and laws of physics as nails. Physicists can observe the behaviour of particles to learn about laws of physics, and create statistical models simulating the laws of physics to predict the behaviour of particles.

I can hear you say, “Alright, thanks for the info, but how does the Raspberry Pi come into this?” Don’t worry – I’m getting to that.

Modelling the invisible – the interactive exhibit

As I said, Ramona and the other physicists have not created a regular old Galton board. Instead, this one records where the balls land using a Raspberry Pi, and other portable Pis around the exhibition space can access the records of the experimental results. These Pis in turn run Galton board simulators, and visitors can use them to recreate a virtual Galton board that produces the same results as the physical one. Then, they can check whether their model board does, in fact, look like the one the physicists built. In this way, people directly experience the relationship between statistical models and experimental results.

Hurrah for science!

The other exhibit the Durham students will be showing is a demo dark matter detector! So if you decide to visit the Summer Science Exhibition, you will also have the chance to learn about the very boundaries of human understanding of the cosmos.

The Pi in museums

At the Raspberry Pi Foundation, education is our mission, and of course we love museums. It is always a pleasure to see our computers incorporated into exhibits: the Pi-powered visual theremin teaches visitors about music; the Museum in a Box uses Pis to engage people in hands-on encounters with exhibits; and this Pi is itself a museum piece! If you want to learn more about Raspberry Pis and museums, you can listen to this interview with Pi Towers’ social media maestro Alex Bate.

It’s amazing that our tech is used to educate people in areas beyond computer science. If you’ve created a Pi-powered educational project, please share it with us in the comments.


27:52 How To Job
Dez just graduated with a degree in Cybersecurity Management and wrote to ask@tekthing.com about “how to find a job, whether or not I should go back to school for a Master’s and how soon, if government contract work is a good idea,” and quite a bit more. Answers in the video, and if you’re interested in a job in InfoSec, definitely check out the START IN INFOSEC page: https://room362.com/start/

35:07 External Drive OK???
Austin in Springfield, MO writes that his backup drive sounds like it has the “click of death”, and adds, “I’m planning on getting a better backup/storage system eventually but since I only just recently graduated college, I don’t quite have the money to get what I want right now so I need a stop gap solution.” Watch the video!

We are closer to having autonomous homes, with advances in video, compute, and data processing capabilities being added to consumer products. This week marks the general availability of the Amazon Echo Show, which is notable not only for its popularity but also for delivering advanced sensing capabilities to a smart speaker. With a touchscreen, video capabilities, and a host of voice-enabled technology, the Echo Show is an evolution of the smart speaker, and it provides a peek into how our homes are evolving to be more perceptive, responsive and autonomous.

Computing Together

The silicon running the new Amazon Echo Show is the Intel Atom x5-Z8350 processor, which delivers a low-power envelope, while also extending the classic product strengths and performance benefits of Intel technology. Some have questioned why Amazon needed this much horsepower. The answer is data. The Echo Show adds far-field voice, camera and display to the speech recognition processing of the original Echo. Smart Home technologies, such as the Echo Show, will traffic in terabytes of data.

There’s a lot of engineering involved in getting speech recognition at high degrees of speed and accuracy that deliver the best customer experiences. We worked with Amazon on this project for more than two years, and it required a massive team effort from hundreds of engineers and architects from all levels of Intel. We had great collaboration with Amazon and worked closely on the architecture, engineering and even marketing.

Collaboration is not only about bits and bytes, however. Our teams formed a lot of strong relationships and those were key to creating the foundation. As our corporate VP Gregory Bryant put it: “Intel and Amazon share a passion for customer experiences. This product is a reflection of the two companies coming together to drive innovation in the smart home and making these experiences come to life.”

Ease of Use is Key

One of the hurdles to smart home adoption has been the complexity. What happens now is someone orders a bunch of devices or buys some things in a big box store, and they plug them all in at home, and then something goes wrong. Their Wi-Fi isn’t efficient enough to support all the devices across the house, or the devices don’t all work together, or the homeowners can’t figure out how to set the network up, and, ultimately, they aren’t blown away by the potential of the smart home.

What the Echo has proven is that when your devices go beyond answering questions to actually conversing with you, listening, and learning your context, they are proving their value. People are starting to appreciate the benefits from this initial round of speech-enabled products. They like the frictionless interaction through voice, and they are rapidly incorporating devices like the Echo Show into their day-to-day lives. Positive experiences are then encouraging them to take the plunge with other smart home technologies. According to Parks Associates, 53 percent of owners of smart speakers with personal assistants, like Amazon Echo and Google Home, report having a smart home device as well.

It’s Only the Beginning…

With the growth of artificial intelligence, machine learning, and natural language processing, Smart Home devices will continue to learn and improve and eventually automate many of the tasks of running the home, provide peace of mind and enrich daily life.

We’re seeing a lot of improvements in home connectivity, for example, which is absolutely critical to delivering excellent experiences. Foundational technologies transform the home from being merely connected to becoming smart — connectivity, speech, vision and cognition — and will bring about new ways for consumers to interact with technology and the world around them. With increasing speed, these and other innovations needed to power the smart home are within reach, and together with partners like Amazon we’re building the future, today.

Have you ever wondered who is trying to connect to your home network? Or what is connecting from your home network out to the internet? Few internet users consider either of these questions (and the ones that do usually work in the security industry). Many believe the router their internet service provider issued to them is more than sufficient to protect them from threats. Time after time, even the most basic step to improve security, changing the default router password, is ignored by consumers. Coincidentally, my ISP, Virgin Media, recently told 800,000 of their customers using default passwords to change them immediately.

“You Will Be Breached”

This ethos holds true as much in the commercial world as it does for your home network. But has my home network already been breached? I decided to use Anomali Enterprise to identify any potential malicious activity.

Topology (and shopping list)

The network topology of my home network is fairly simple. Most devices connect wirelessly to my router, an Asus RT-AC68U. Some network switches are plugged directly into the router. In either scenario all data in and out of the network flows through the router. Anomali Enterprise can accept raw syslog feeds from any network device. Given the simplicity of my network I decided to stream syslog from my router to AE. One other thing to note: not all routers support streaming their logs via syslog, especially the cheap ones provided by ISPs.

Once I had figured out how to configure syslog streaming, I then needed to set up a machine to run Anomali Enterprise and Anomali Universal Link, a client that sits in front of AE to parse the incoming raw syslog feeds. The machine needed to be both powerful enough for AE to analyse my network traffic against millions of IOCs and have enough storage to handle all of the information being thrown at it. For this, I used a spare Mac Mini I had lying around that met the hardware specifications required. I then installed VMware Fusion on the Mac Mini to run an OS supported by AE (I chose CentOS) and proceeded to set up and configure both Anomali Enterprise and Anomali Universal Link on it.

What I Found

Lots of inbound threats from China

And Russia. And the United States. And Ukraine. You get the idea.

That were predominantly scanning IPs

Most IOC matches, totalling hundreds per day, were known scanning IPs. My router logs everything, including requests blocked by its firewall, so this was unsurprising.

And generally benign

Anomali ThreatStream Threat Intelligence ranks the severity and confidence of an IOC match. I can use AE’s powerful search interface to filter and pivot quickly on the threats detected. This made it easy to identify that most matches were fairly benign with low severity and low confidence scores.

Though some were more serious

Not only were scanning IPs identified by Anomali Enterprise; some outbound connections were being made to a recently identified malware IP. As Anomali Enterprise allowed me to see the detailed analysis and context for the malware IOC in question and view the raw log of the event, I was able to easily identify the potentially compromised machine. Thankfully (for me) in this case it was just one machine, and it belonged to a friend who had connected his laptop to the WiFi at my house whilst visiting.

Being extra cautious, I was also able to retrospectively compare this recent malware IOC against all my historic network logs stored in Anomali Enterprise. Thankfully, there were no matches this time.
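The three things the post relies on (matching the remote side of each router log line against an indicator feed, ranking matches by severity and confidence, and running a retrospective search for one indicator over everything retained) are small enough to show end to end. The block below is an added illustration, not Anomali's code: the syslog lines are constructed in a netfilter-style firewall format, not the exact output of the Asus RT-AC68U, the indicator feed and its scores are hypothetical, and the interface names (`eth0` for WAN, `br0` for LAN) are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample log: five router firewall lines. The format is an
# assumption for this example, not the real Asus RT-AC68U output.
SAMPLE_SYSLOG = """\
Jun 28 10:02:11 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.2 PROTO=TCP SPT=44123 DPT=23
Jun 28 10:02:13 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.2 PROTO=TCP SPT=44124 DPT=2323
Jun 28 10:05:40 router kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.77 PROTO=TCP SPT=51002 DPT=443
Jun 28 10:06:02 router kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=192.0.2.10 PROTO=UDP SPT=53421 DPT=53
Jun 27 22:14:09 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.200 DST=198.51.100.2 PROTO=TCP SPT=6000 DPT=22
"""

# Constructed indicator feed (hypothetical scores): indicator -> type, severity, confidence.
IOC_FEED = {
    "203.0.113.45": {"type": "scan_ip", "severity": "low", "confidence": 35},
    "203.0.113.9": {"type": "scan_ip", "severity": "low", "confidence": 20},
    "192.0.2.77": {"type": "malware_ip", "severity": "high", "confidence": 90},
}

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "very-high": 3}
WAN_IF = "eth0"  # assumption: WAN interface; anything else is the LAN side

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<action>\w+) "
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

@dataclass(frozen=True)
class Event:
    ts: str
    action: str
    direction: str  # "inbound" (arrived on WAN) or "outbound" (left via WAN)
    src: str
    dst: str
    proto: str
    dport: int
    raw: str        # raw line kept so a match can be shown in context

@dataclass(frozen=True)
class Match:
    event: Event
    indicator: str
    ioc_type: str
    severity: str
    confidence: int
    local_host: str  # our end of the flow: the machine to go and look at

def parse_syslog(text):
    """Parse router log lines; lines that do not fit the format are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        direction = "inbound" if m["in"] == WAN_IF else "outbound"
        events.append(Event(m["ts"], m["action"], direction, m["src"], m["dst"],
                            m["proto"], int(m["dpt"]), raw))
    return events

def match_iocs(events, feed):
    """Match the remote side of each flow (SRC inbound, DST outbound) against the feed."""
    matches = []
    for ev in events:
        remote, local = (ev.src, ev.dst) if ev.direction == "inbound" else (ev.dst, ev.src)
        ioc = feed.get(remote)
        if ioc:
            matches.append(Match(ev, remote, ioc["type"], ioc["severity"],
                                 ioc["confidence"], local))
    return matches

def triage(matches):
    """Most serious first: severity, then confidence, then allowed flows
    ahead of blocked ones (a dropped inbound scan needs less attention)."""
    return sorted(
        matches,
        key=lambda m: (SEVERITY_RANK.get(m.severity, -1), m.confidence,
                       m.event.action == "ACCEPT"),
        reverse=True,
    )

def summarize(matches):
    """Count matches per severity: the quick 'is most of this benign?' view."""
    counts = {}
    for m in matches:
        counts[m.severity] = counts.get(m.severity, 0) + 1
    return counts

def retro_search(events, indicator):
    """Forensic search: every retained event with this indicator on either side."""
    return [ev for ev in events if indicator in (ev.src, ev.dst)]

if __name__ == "__main__":
    evs = parse_syslog(SAMPLE_SYSLOG)
    for m in triage(match_iocs(evs, IOC_FEED)):
        print(f"{m.severity:>4} {m.confidence:>3} {m.ioc_type:<10} {m.indicator:<14} "
              f"{m.event.direction:<8} local={m.local_host} | {m.event.raw}")
    print(summarize(match_iocs(evs, IOC_FEED)))
```

On the constructed sample this surfaces exactly the situation the post describes: two low-confidence inbound scan hits that the firewall already dropped, and one high-severity outbound connection from an internal host (`192.168.1.23`) to a malware IP, which is the match worth chasing. Direction matters: matching only on `SRC` would have missed the outbound case, and matching both sides without recording which end is local would not tell you which machine to inspect.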

In Summary

Whilst there were some known threats observed by Anomali Enterprise on my network, most were nothing to worry about. I was able to triage matches and come to this conclusion quickly because Anomali Enterprise provided:

A detailed analysis and context of every IOC matched to my network data

The ability to view the raw log of an event that matched a known IOC

The option to run a forensic search to discover if an IOC had ever been seen in my network data previously

Clearly in a larger corporate network, the amount of data being generated will be significantly greater than on my home network. Corporate networks are more likely to be the subject of targeted and sustained attacks with many more points of weakness (generally employees).

Hey everyone, Lucy here! I’m standing in for Rob this month to introduce The MagPi 59, the latest edition of the official Raspberry Pi magazine.

The MagPi 59

Ever wondered whether a Pi could truly replace your home computer? Looking for inspiration for a Pi-powered project you can make and use in the sunshine? Interested in winning a Raspberry Pi that’s a true collector’s item?

Then we’ve got you covered in Issue 59, out in stores today!

Shiny and new

The Raspberry Pi PC challenge

This month’s feature is fascinating! We set the legendary Rob Zwetsloot a challenge: use no other computer but a Raspberry Pi for a week, and let us know how it goes – for science!

Is there anything you can’t do with a $35 computer? To find out, you just have to read the magazine.

12 summer projects

We’re bringing together some of the greatest outdoor projects for the Raspberry Pi in this MagPi issue. From a high-altitude balloon, to aerial photography, to bike computers and motorised skateboards, there are plenty of bright ideas in The MagPi 59.

Maybe your Pi will ripen in the sun?

The best of the rest in The MagPi 59

We’ve got a fantastic collection of community projects this month. Ingmar Stapel shows off Big Rob, his SatNav-guided robot, while Eric Page demonstrates his Dog Treat Dispenser. There are also interesting tutorials on building a GPS tracker, controlling a Raspberry Pi with an Android app and Bluetooth, and building an electronic wind chime with magnetometers.

You can even enter our give-away of 10 ultra-rare ‘Raspberry Pi 3 plus official case’ kits signed by none other than Eben Upton, co-creator of the Raspberry Pi. Win one and be the envy of the entire Raspberry Pi community!

MAGNETS!

You can find The MagPi 59 in the UK right now, at WHSmith, Sainsbury’s, Asda, and Tesco. Copies will be arriving in US stores including Barnes & Noble and Micro Center very soon. You can also get a copy online from our store or via our Android or iOS app. And don’t forget: there’s always the free PDF as well.

Get reading, get making, and enjoy the new issue!

Rob isn’t here to add his signature Picard GIF, but we’ve sorted it for him. He loves a good pun, so he does! – Janina & Alex

Details

A malware strain that appears to be based on the “Petya” ransomware began targeting and infecting governments and businesses worldwide on June 27th, 2017. Since dubbed “NotPetya” by some researchers, and “Nyetya” by others, this malware has spread across Europe and North America and infected several businesses in Denmark, France, Germany, India, Russia, Spain, Ukraine, the United Kingdom and North America. The original Petya ransomware trojan is believed to belong to a Ransomware-as-a-Service (RaaS) malware family that was first advertised by Janus Cybercrime Solutions in late 2015.

The threat actors behind this campaign are currently demanding that an email be sent to “wowsmith123456@posteo[.]net” for the decryption key, accompanied by a payment of 300 USD in Bitcoins sent to “1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX”. The German email provider, Posteo, has blocked the email address that was being used to manage the ransom demands. This now prevents users from receiving decryption keys even if the ransom is paid. It is unknown if the actors behind the campaign will attempt to create a new email account to manage any additional funds that may be received. The actors’ Bitcoin wallet has since received 3.99009155 Bitcoins ($10,161 USD).

Figure 1. Ransom Notification

Anton Gerashchenko, an aide to the Ukrainian Interior Minister, has stated that this infection is “the biggest in Ukraine’s history.” Numerous companies across various industries have been infected with the Petya ransomware. Kievenergo, a utility company, turned off all of their computers after Petya breached their network. Another power company, Ukrenergo, has also reportedly been affected by the malware. Ukraine’s Central Bank has issued a warning on their website regarding how several banks within the country have also been targeted by threat actors. Additionally, the Ukrainian deputy prime minister, Pavlo Rozenko, tweeted an image of a black computer screen stating that the entirety of the government’s computer system had been shut down because of the trojan.

The malware distribution has also reached entities in Denmark and France. The Danish conglomerate company, Maersk, has stated that its customers are unable to use online booking systems and that their internal systems are offline.

Saint-Gobain, a French manufacturing company, has also released a statement discussing that they too have been affected by Petya.

Analysis

As news of the ransomware circulated on June 27, so too did theories of the infection method. Many researchers and companies alike claimed that the malware’s propagation was similar to the May 12th, 2017 outbreak of WannaCry ransomware via the EternalBlue exploit, while others claimed that the infection vector was a phishing campaign with malicious Word document attachments. As the day progressed in Europe it became clear that Russian and Ukrainian entities were most affected. At 11:49 a.m. (UTC+02:00), Ukrainian authorities published a Tweet in which they claimed that the infection was caused via an update issued by the Ukrainian tax accounting package called “MeDoc.” MeDoc has since issued a statement on Facebook denying these allegations.

Researchers now believe that, in some cases, the initial infection vector was associated with contaminated software updates from MeDoc. Contrary to their statement made earlier in the day, MeDoc released another statement stating that their servers had “made a virus attack.” According to Ukrainian authorities, MeDoc has a built-in update feature that updates periodically. It is believed that this feature was exploited to deliver the malicious Petya Dynamic Link Library (DLL). Researchers also believe that a threat actor(s) managed to compromise the MeDoc server that handled the software updates in order to switch the updates from legitimate software to a malicious payload.

Once inside a victim’s network, Petya spreads internally using the PsExec tool, which allows execution of processes on other systems, and Windows Management Instrumentation (WMI), which provides information about and control over local or remote computer systems. Prior to using these tools, Petya first harvests user credentials from the infected system; these are then passed to PsExec and WMI to gain access to other machines and systems connected to the network.

Additional information and analysis has led researchers to believe the ransomware was not, in fact, Petya. These researchers maintain that this is a new strain of ransomware, subsequently dubbed “NotPetya.” Others maintain that, because of code reused between this strain and previously observed strains of Petya, it is indeed a new variant of the Petya ransomware. Regardless, researchers have also discovered a way to “vaccinate” a machine against NotPetya. However, unlike WannaCry, which could be stopped by the kill-switch domain it looked up before running, this “vaccination” requires modifying a potential victim machine before it is infected. The malware checks for the presence of a file with its own name in the Windows directory (the dropped DLL is perfc.dat, and the file it looks for is C:\Windows\perfc; creating perfc.dat and perfc.dll alongside it covers reported variations). If the file already exists and is set to read-only so it cannot be overwritten, the malware should not be able to infect the machine nor propagate from it. Leveraging tools like Group Policy (as suggested by researchers at Binary Defense) is a way to automate this “vaccination.”
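The vaccination is simple enough to show as code. The block below is an added example, not Binary Defense's Group Policy script or anything from the malware analyses cited here: it creates the three file names in the Windows directory if they are absent, sets each to read-only, and reports what it did, and the directory is a parameter so the same logic can be exercised against any folder. In practice this has to run with administrative rights to write into C:\Windows, and a GPO startup script or PowerShell is the more natural delivery route in a domain; the point is the check itself.

```python
import os
import stat
from pathlib import Path

# File names to pre-create: "perfc" is the name NotPetya checks for in the
# Windows directory; "perfc.dat" and "perfc.dll" are added for safety, as in
# the Binary Defense guidance.
VACCINE_NAMES = ("perfc", "perfc.dat", "perfc.dll")

def _writable(path):
    """True if the owner write bit is set. On Windows, Python clears this bit
    when FILE_ATTRIBUTE_READONLY is set, so it reflects the read-only flag."""
    return bool(path.stat().st_mode & stat.S_IWRITE)

def vaccinate(windows_dir=r"C:\Windows"):
    """Create each vaccine file (empty) if absent and mark it read-only.

    Returns {name: status} with status "created", "already-present" or
    "read-only-failed". Existing files are never replaced or truncated; the
    only change made to them is the read-only bit.
    """
    results = {}
    base = Path(windows_dir)
    for name in VACCINE_NAMES:
        path = base / name
        if path.exists():
            results[name] = "already-present"
        else:
            path.touch()
            results[name] = "created"
        # Read-only is what stops the malware overwriting the file with its
        # own DLL; os.chmod with S_IREAD sets FILE_ATTRIBUTE_READONLY on Windows.
        os.chmod(path, stat.S_IREAD)
        if _writable(path):
            results[name] = "read-only-failed"
    return results

def is_vaccinated(windows_dir=r"C:\Windows"):
    """True only if every vaccine file exists and is read-only."""
    base = Path(windows_dir)
    return all((base / n).exists() and not _writable(base / n) for n in VACCINE_NAMES)

if __name__ == "__main__":
    # Default target is the live Windows directory; needs an elevated prompt.
    for name, status in vaccinate().items():
        print(f"{name}: {status}")
    print("vaccinated" if is_vaccinated() else "NOT vaccinated")
```

The caveat the text already gives still applies: this only protects a machine that has not yet been infected, and it does nothing about the underlying SMB exposure or credential theft, so it is a stop-gap alongside patching, not a substitute for it.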

Figure 2. Reversed Malware to Detect Vaccine

The Infection

On an infected system the dropped DLL, “perfc.dat,” contains the code that first attempts to obtain the privileges it needs for the currently logged-in user, enabling them via the Windows API AdjustTokenPrivileges. If the malware succeeds in gaining administrative privileges, the ransomware overwrites the Master Boot Record (MBR). Even if the MBR overwrite is unsuccessful, the malware schedules a reboot of the system about one hour after the initial infection.

The malware then attempts to find other visible machines on the network by using NetServerEnum and scans them for an open TCP port 139. Researchers believe this strain of ransomware uses three methods to distribute itself once a machine is infected: the aforementioned PsExec and WMI, and the EternalBlue and EternalRomance SMB exploits (EternalBlue was also used in the WannaCry outbreak). These are used to install and execute “perfc.dat” on other devices, propagating across the network, according to Talos researchers.

Note: The EternalBlue and EternalRomance exploits were patched in MS17-010 (March 2017); the update should be applied as soon as possible if it has not been already.

Over the past few years, Code Club has made strides toward world domination! There are now more than 10,000 Code Clubs running in 125 countries. More than 140,000 kids have taken part in our clubs in places as diverse as the northernmost tip of Canada and the favelas of Rio de Janeiro.

In the first video from our Code Club International network, we find out about Code Clubs around the world from the people supporting these communities.

Global communities

Code Club currently has official local partners in twelve countries. Our passionate and motivated partner organisations are responsible for championing their countries’ Code Clubs. In March we brought the partners together for the first time, and they shared what it means to be part of the Code Club community:

We invited our international Code Club partners to join us in London and discuss why we think Code Club is so special. Whether you’re a seasoned pro, a budding educator, or simply want to give back to your local community, there’s a place for you among our incredible Code Club volunteers.

Of course, Code Clubs aren’t restricted to countries with official partner communities – they can be started anywhere in the world! Code Clubs are up and running in a number of unexpected places, from Kosovo to Kazakhstan.

Code Club partners gathered together at the International Meetup

The geographical spread of Code Clubs means we hear of clubs overcoming a range of different challenges. One club in Zambia, run by volunteer Mwiza Simbeye, started as a way to get kids off the streets of Lusaka and teach them useful skills. Many children attending had hardly used a computer before writing their first line of code at the club. And it’s making a difference! As Mwiza told us, ‘you only need to see the light shine in the eyes of [Code Club] participants to see how much they enjoy these sessions.’

Student Joyce codes in Scratch at her Code Club in Nunavut, Canada

In the Nunavut region of Canada, Talia Metuq was first introduced to coding at a Code Club. In an area made up of 25 Inuit communities that are inaccessible by road and currently combating severe social and economic deprivation, computer science was not on the school timetable. Code Club, along with club volunteer Ryan Oliver, is starting to change that. After graduating from Code Club, Talia went on to study 3D modelling in Vancouver. She has now returned to Nunavut and is helping inspire more children to pursue digital making.

Start a Code Club

Code Clubs are volunteer-led extra-curricular coding clubs for children aged 9 to 13. Children who attend learn to code games, animations, and websites using the projects we provide. Working with volunteers and with other children in their club, they grow their digital skillset.

You can run a Code Club anywhere if you have a venue, volunteers, and kids ready to learn coding. Help us achieve our goal of having a Code Club in every community in the world!

To find out how to start a Code Club outside of the UK, you can visit the Code Club International website. If you are in the UK, head to the Code Club UK website for more information.

Help the Code Club International community grow

On the Code Club site, we currently have projects in 28 languages, allowing more young people than ever to learn programming in their native language. But that’s not enough! We are always on the lookout for volunteers to translate projects and resources. If you are proficient in translating from English and would like to help, please visit the website to find out more.

We are also looking for official local partners in Italy and Germany to join our international network – if you know of, or are a part of an enthusiastic non-profit organisation who might be interested to join us, you can learn more here.

Firedot Highlight Reports

Getting threat intelligence into your existing security products – SIEMs, endpoints, network tools — can significantly enhance their effectiveness. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer. Recently we launched a feature that allows you to create your own threat […]

The intelligence in this week’s iteration discusses the following threats: Compromised server, Cryptocurrency miner, Data theft, Malspam, Phishing, Targeted attacks, Underground markets, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats Olympic Destroyer Takes Aim At Winter […]

In our last post, we talked about how companies can use the concept of a No-Fly list to keep malicious actors out of their networks. So how does a cyber No-Fly list work in a real situation? We spoke with one of our customers, Alaska Airlines, about how they make the most of threat intelligence […]

My name is Teddy Powers. I have worked for Anomali (formerly ThreatStream) for almost the last three years and it’s been one of the best experiences of my life. But if you looked at my résumé or LinkedIn, much like anyone else, you’d do a double take. How in the world did he score a […]

North Korea, or more formally, the Democratic People’s Republic of North Korea (DPRK), is no stranger to international headlines. Most notably, it has captured attention in recent years for its nuclear testing and ballistic missile launches. Events in the cyber landscape have brought negative attention to North Korea as well. The United States officially blamed […]